240 likes | 356 Views
DePaul University Computer Network Security. Are We Safe?. Telephone System central authority network in control billing records per connection legal issues well understood provisions for law enforcement (wiretapping). Internet no central authority end systems in control
E N D
DePaul UniversityComputer Network Security Are We Safe? John Kristoff
Telephone System central authority network in control billing records per connection legal issues well understood provisions for law enforcement (wiretapping) Internet no central authority end systems in control no central knowledge of connections no per-packet billing legal issues not well understood anonymity is easy Internet 101 John Kristoff
Internet Security Stinks • Hosts are hard to secure • Bad defaults • Poor software • Fixes rarely applied • Average user/administrator is clueless • An overly secure system is not useful • It’s difficult to coordinate among sites John Kristoff
Exploits Overview • Passwords • hacking and sniffing • System specific • NT, UNIX, NetWare, Linux • Application specific • web browser, ftp, email, finger • Protocol specific • spoofing, TCP hijacking, ICMP redirects, DNS • Denial of Service • PING of death, trinoo, tribe flood John Kristoff
The Process • Reconnaissance • Scanning • Exploit Systems • Keep access with backdoors/trojans • Use system • Often as a springboard • Cover any tracks John Kristoff
The Problem is Real • Just over a year ago... • ResNet/DPO • cgi-bin/phf • Oracle • CTI • Plain text John Kristoff
Recently... • We receive hundreds of probes every day • This weekend a single host sent at least 2000 scans to our address space for port 23 • .kr and .tw are popular sources • DNS scans • @home.com, aol.com are frequent flyers • ResNet students John Kristoff
Gotcha! John Kristoff
Password Hacking • Attackers can watch packets go by • Usually part of the attacker’s plan when compromising a host • One of the most common problems • Encryption for remote access helps • Note: even encrypted password files can be cracked John Kristoff
Denial of Service Attacks • A Very Difficult Problem to Solve! • Real World Example • Everyone dials 911 at the same time • How do you screen and more importantly, stop the bad ones? • Most effective when source address is spoofed John Kristoff
Example Distributed Denial of Service Illustrated John Kristoff
Viruses and Worms • Programs written with the intent to spread • Worms are very common today • Usually email based (e.g. ILOVEYOU) • Viruses infect other programs • Code copied to other programs (e.g. macros) • Requires the code to be executed • Proves users continue to do dumb things • Sometimes software is at fault too John Kristoff
Buffer Overflows and Weak Validation of Input • One of the most popular security issues • Popular exploits with CGI scripts • Regular users can gain root access • Can pass commands to be executed • e.g. Network Solutions easysteps.pl • Sometimes root access can be gained John Kristoff
Network Mapping • PING • DNS mapping (don’t need zone transfer) • dig +pfset=0x2020 -x 10.x.x.x • rpcinfo -p <hostname> • nmap <http://www.insecure.org/nmap/> • very nice! • Microsoft Windows is NOT immune • nbtstat, net commands • Just look around the ‘net! John Kristoff
Firewall Solutions • They help, but not a panacea • A network response to a host problem • Packet by packet examination is tough • Don’t forget internal users • Need well defined borders • Can be a false sense of security John Kristoff
Internal Security • Most often ignored • Most likely the problem • Disgruntled (ex-)end user • Curious, but dangerous end user • Clueless and dangerous end user John Kristoff
Security by Obscurity • Is no security at all. • However • It’s often best not to advertise unnecessarily • It’s often the only layer used (e.g. passwords) • Probably need more security John Kristoff
Layered Defenses • The belt and suspenders approach • Multiple layers make it harder to get through • Multiple layers take longer to get through • Basic statistics and probability apply • If Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks • Trade-off in time, money and convenience John Kristoff
Physical Security • Trash bins • Social engineering • It’s much easier to trust a face than a packet • Protect from the whoops • power • spills • the clumsy • software really can kill hardware John Kristoff
If I Were You, I’d... • Keep up on your host patches/fixes • Be very careful with email attachments • Disable unnecessary services • Use encryption (ssh) whenever possible • avoid telnet, ftp, pop-3 email, etc. • Audit often • keep logs, keep backups John Kristoff
A Word About Network Address Translation • It has no place in this talk • It is misunderstood and misapplied • It is fundamentally bad for the Internet • Just say NO to RFC 1918 John Kristoff
Food For Thought • http://networks.depaul.edu/security/ • dpu.security • DePaul FIRST Team • Any further interest in security education and research? John Kristoff
References • bugtraq mailing list • http://www.sans.org • http://www.cert.org • http://www.cerias.perdue.edu • http://www.securityportal.com/lasg/ • http://cale.cs.depaul.edu • http://www.securityfocus.com • http://www.denialinfo.com • http://www.enteract.com/~lspitz/pubs.html • http://www.robertgraham.com/pubs/ • http://cm.bell-labs.com/who/ches/ • http://www.research.att.com/~smb/ • http://packetstorm.securify.com John Kristoff
My Information • Networks Group, DePaul University • http://condor.depaul.edu/~jkristof/ • jtk@depaul.edu • (312) 362-5878 John Kristoff